• Status: Solved

How to access my RWW or access my server using RDP/MSTSC from outside the office when port 443 is already in use

I have a Windows 2012 R2 domain controller (VM) and Exchange 2013 with all the roles on another Windows 2012 R2 (VM).

Both of these virtual machines are hosted on a single physical Windows 2012 R2 IBM machine.

I have forwarded port 443 using my router to the Exchange 2013 private IP 192.168.5.5 (web access to Exchange OWA).

Now I want to access Remote Work Space (RWW) that is enabled on the domain controller.

I have found that it is also using port 443.

My router supports a single WAN connection. Cisco RV120W
(http://www.cisco.com/c/en/us/products/routers/rv120w-wireless-n-vpn-firewall/index.html)

So I can only use a single IP address (though my ISP has allotted 5 public static IPs).

How can I access my RWW or access my server using RDP/MSTSC from outside the office?
Asked by: Akash Bansal
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
1. Create a VPN. That gives unlimited access to the LAN resources, as you can use the internal IPs and ports. Probably not what you want to do for now.

2. Use a different public port, and map that to the real IP and port.

3. Create a virtual web root on the Exchange IIS with redirection to the real server (no clue how to do that, though).
 
Akash Bansal (IT Professional, Author) Commented:
Thanks for the suggestion.
Sorry, I missed mentioning that I don't want to set up or connect through a VPN.
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
There are still 2 other suggestions ...

 
Akash Bansal (IT Professional, Author) Commented:
I am trying option number 2.

Port Forwarding Rule Table
Action        Service  Status   Source IP  Destination IP  Internal Port
Always Allow  rww      Enabled  Any        192.168.5.2     443
Always Allow  mail     Enabled  Any        192.168.5.5     443

Custom Service Table
Name  Type  ICMP Type / Port Range / Protocol Number
mail  TCP   443 - 443
rww   TCP   444 - 444

From outside the network I am trying:

https://mail.mydomain.com    (this is landing at Exchange OWA and working fine)

https://rww.mydomain.com:444 (this is not working)
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
Can you try (just for test) to redirect 443 to RWW for a short time? Just seeing if the HTTPS port is all you need, or you have to redirect 987 too.
 
Akash Bansal (IT Professional, Author) Commented:
I guess I had to reboot the router after configuring the 444 redirection.
I have rebooted the router now.
I guess I am able to hit the RWW server after rebooting the router; I am getting a certification revoked error.
I need to buy a new certificate. Once I fix the certification issue, I will get back to you.
Thanks for the valuable suggestions. :)
 
Cliff Galiher Commented:
RWW requires 443. You can't change that, unfortunately.
Similarly, there are several Exchange services that require that the port be 443.

Your realistic choices are to replace the router (that's what I'd recommend) with one that supports all five IP addresses from your ISP.

Or.

Set up a reverse proxy behind your existing router and have it proxy traffic based on requested URL. Setting up a reverse proxy is not trivial, and requires ongoing patching and maintenance.
 
David Johnson, CD, MVP (Owner) Commented:
or set-up the nat rules
WAN   LAN   Protocol   Device
443   443   TCP        exchangeipaddress
444   443   TCP        RWWipaddress
 
Cliff Galiher Commented:
As I've mentioned, RWW does not work on another port. A user could get to RWW from the outside by manually typing in :444, but most of the features will not work. Remote desktop access, media streaming, and other features that cannot use relative links are hard-coded to 443, which, of course, will hit the Exchange server instead of the RWW server, and thus fail. That is why a reverse proxy or multiple IP addresses are required in this instance.
 
Akash Bansal (IT Professional, Author) Commented:
As per Mr. Cliff, even setting up NAT rules (suggested by Mr. David) or mapping (suggested point 2 by Mr. Qlemo) would not work in my case.

Use of a reverse proxy would also add a new set of issues.

So, could you suggest any economical router, preferably Cisco small business series or equivalent?

I have Cisco RV042 / RVS4000 / RV120W and TP-LINK TL-R470T+ http://www.tp-link.in/products/details/?model=TL-R470T%2B
 
Cliff Galiher Commented:
Especially for the small business, I prefer a UTM over a simple router. I think Sophos makes a great UTM for the price. SonicWall is also very popular and, coming from Dell, has good support and longevity. Most SMB UTMs will do what you need. The Cisco equivalent would be the ASA series. Like most Cisco gear, the ASAs are a little pricier, but can be good if the admin knows what they are doing. The RV series is actually a Linksys which Cisco bought....then sold...and were never very good.
 
Akash Bansal (IT Professional, Author) Commented:
Thanks Cliff, you are always helpful to me. :)

I can understand a UTM like SonicWall is the right fit.

Need a $100-$200 router that just accomplishes the purpose. My clients don't have much budget.
Wish we could find some. All the clients have only 10-30 users max.
 
Cliff Galiher Commented:
The entry level UTMs are in the $200 range.
 
Akash Bansal (IT Professional, Author) Commented:
I called up Cisco; they enabled one-to-one NAT. It solved the purpose and enabled me to use a second public IP as well.
It worked like a charm.
 
Akash Bansal (IT Professional, Author) Commented:
It worked on a $100 Cisco RV series router.
Question has a verified solution.
